Dropbox Users Warned About Accidental File Sharing Leaks

People who use file storage and sharing services, such as Dropbox are being warned that they might be accidentally leaking their files onto the wider internet.

As a lot of people use the services to share confidential documents, the
accidental leaks could have serious consequences.

The problems stemmed from the way users can generate a public link to their
files, which could sometimes be accidentally used to share private files. It was
less a technical fault than a problem with unexpected user behaviour.

Dropbox said that it is disabling the public link facility while it works on
a new more secure version.

In a blog post, DropBox apologised for the inconvenience while it works on
the new service.

Other file sharing services are understood to have similar issues and can be
expected to deploy their own "user behaviour" fixes shortly.

The vulnerability stems from an issue if a user uploads a private document,
that contains a weblink to 3rd-party website. When that link is clicked, the
website also get the location of the dropbox document in its own server logs as
the referrer.

The website could then reverse that back to access the otherwise private
document.

The key will be to develop a way of sharing links that is both convenient,
but not so convenient that it is too easy to accidentally share a file the user
wants to keep private.

The most likely model would be to cloak referrer identites when a link is
clicked within the DropBox environment, although that adds more layers of
complexity to the underlying service.

Search News Articles

small ad block

All rights reserved. Reproduction of this website,in whole or in part, in any form or medium without express written permission from cellular-news is prohibited. Your use of this website is subject to legal terms - Site Map.